Practical exploitation of Drupal security vulnerabilities
Drew Webber (mcdruid)
What would it look like if your site got hacked? What would the bad actors actually do, and why? How can you avoid this?
Prerequisite
No prerequisites.
Outline
The Drupal Security Team work with the wider Community to address a diverse range of vulnerabilities in Drupal core and contrib projects, including Cross-Site Scripting (XSS), Remote Code Execution (RCE), Server-Side Request Forgery (SSRF), SQL Injection (SQLi), and Unsafe Deserialisation, among others.
In this session we'll look at practical examples of different types of vulnerabilities, and examine what it would look like if they were exploited by bad actors.
Learning Objectives
The aim is to provide a deeper understanding of why it's important to address these problems, going beyond the well-known "alert" XSS pop-up.
We'll also cover approaches for detection, mitigation, and prevention as these apply to web application vulnerabilities.
Experience level
Beginner